Dark Web News Analysis
A critical threat targeting the global cryptocurrency community has been identified on a cybercrime forum. A threat actor is selling a large database containing the user data of customers from several of the world’s largest cryptocurrency platforms. The list of named exchanges includes Binance, KuCoin, Coinbase, Kraken, Bybit, and Bitget. The data for sale consists of sensitive Personally Identifiable Information (PII) such as full names, email addresses, and phone numbers. The seller is offering the data in bulk at a low price point (a minimum of 1,000 records for $20), accepts escrow payments, and uses Telegram for communication, indicating a high volume of sales to a wide range of malicious actors.
A database that specifically targets users of major crypto exchanges is a goldmine for criminals specializing in digital asset theft. It is unlikely that all of these major platforms were breached simultaneously; the data is more likely an aggregation from previous, unrelated breaches or the compromise of a single, widely used third-party service (such as a marketing or KYC provider). Regardless of its origin, the risk to the individuals on the list is identical and severe. Attackers will use this curated list to launch highly targeted phishing campaigns, sophisticated SIM swapping attacks, and social engineering schemes designed to steal passwords, bypass multi-factor authentication, and ultimately drain victims’ crypto wallets.
Key Cybersecurity Insights
This data sale presents several critical threats that are particularly acute for cryptocurrency holders:
- High Risk of Targeted SIM Swapping Attacks: With a victim’s name, email, and phone number, criminals have the key ingredients to launch a SIM swapping attack. By tricking a mobile carrier into transferring the victim’s phone number to a new SIM card under their control, the attacker can intercept SMS-based two-factor authentication (2FA) codes. This allows them to reset passwords and authorize fraudulent withdrawals from crypto exchanges, bypassing a common security layer.
- Fuel for Sophisticated Phishing and Social Engineering: Knowing which exchange a person likely uses allows for extremely convincing phishing emails that mimic official communications (e.g., “Urgent Security Alert for your Coinbase Account” or “Action Required: Verify Your KuCoin Login”). These attacks are designed to create a sense of urgency and trick users into entering their credentials on a fraudulent login page.
- Likely Aggregation from Third-Party or Previous Breaches: It is highly improbable that all these major, competing exchanges were breached at the same time. The data is more likely a “combo list” aggregated from numerous other known data breaches where users registered with the same email, or from a single compromise of a third-party service connected to all of them. However, this does not reduce the risk to the individuals whose data is now compiled and being actively sold.
Mitigation Strategies
In response to this significant threat, all cryptocurrency users must take immediate and proactive security measures:
- Immediately Migrate from SMS-Based 2FA: This is the single most critical action. All cryptocurrency exchange users must immediately stop using SMS for two-factor authentication (2FA), because an SMS code goes wherever the phone number goes. They should migrate to a more secure method such as a Time-based One-Time Password (TOTP) from an authenticator app (e.g., Google Authenticator, Authy), whose secret is bound to the device rather than the phone number, or, for maximum security, a phishing-resistant hardware security key (e.g., YubiKey).
- Implement Enhanced Account Security Measures: Users should contact their mobile carrier and set up a verbal password or security PIN on their account to make unauthorized SIM swaps more difficult. Within the crypto exchanges, users should enable all available security features, such as withdrawal address whitelisting and platform-specific anti-phishing codes.
- Be on High Alert for Targeted Phishing: All users of the named exchanges should now assume they will be targeted with sophisticated scams. They must treat all unsolicited emails, texts, and calls with extreme suspicion and never click on links or provide credentials in response to an “urgent” security alert. Always log in directly by typing the official website URL into the browser or using the official mobile app.
Questions or Feedback? Brinztech provides cybersecurity services worldwide and does not endorse or guarantee the accuracy of external claims. For any inquiries or to report this post, please email: contact@brinztech.com